| 摘要 |
<p>A method to prevent, detect and fight against cloning attacks by using payload keys to encrypt request and response messages exchanged between user units and server. The payload key in use is locally stored on both user unit and server. The user unit provides its locally stored payload key to the server, through a secured transmission, together with a request instruction encrypted with the payload key. Each time the server receives a request from a user unit the payload key is used for decrypting the request. The server then generates a derivation key used to compute a new payload key by the user unit. The derivation key is also securely sent back to the user unit, so that only the user unit owning the initial payload key which has encrypted the request instruction is able to compute the new payload key. The new payload key is stored on both the server and the user unit and used for the next exchanges. Doing this way, the payload key is modified during each request and response, allowing the server to check in the next incoming request from the same user unit if the payload key is the expected one. The server stores also a fallback payload key, which is the last payload key used by the user unit. By comparing the payload key provided by a user unit with the expected key or with the fallback key, the server can, by applying business rules, distinguish correct behaviors of authentic user units from unexpected system failures and from true cloning attacks.</p> |
